| Recently, great attention has been paid to the information security because of the rapid growth of computer networks. User authentication technique, especially authentication protocols and systems, play important roles in the field of information security. Authentication is to reliably verify the identity of network communication entities, and it is the base of mutual-trust relationship between entities. The study of authentication protocol on both theoretical analysis and system design will improve the security, usability, efficiency and management of network security platforms, provide high efficiency and practical security solutions to network applications. In this dissertation, we put our focus on the authentication protocols and the design of a VIKEY user authentication system. The contributions of the dissertation are as follows.1) Cryptology is the foundation of authentication. It is the base of the data privacy, data integrity and authentication. The truly secure and reliable methods of authentication in an open network are based on authentication protocols. It is also the core issue of authentication protocols. We discuss two categories cryptographic, symmetric key based and public key based, and the principles of hash function, non-repudiation mechanism and message authentication. We also discuss digital signature and digital certificates, which are the basis of Public Key Infrastructure (PKI).2) Security and efficiency authentication protocols are the core of the user authentication system. We study the authentication method. The categories, design method analysis and security analysis of authentication protocols are introduced. The process of some classic authentication protocols is described in detail. Their different features and application environment are also discussed through analysis of classic authentication protocols. Then we analyze the main authentication mechanism.3) Kcrbcros is an authentication system used in distributed networks. The Kerberos components, inter-realm and cross-realm authentication scheme are introduced. Its function character and limitations are also analyzed. An improved scheme, which uses public-key encrypt session key, client creating random as the session key of client and server, nonce replace timestamp, is put forward. The security has enhanced through the improved scheme.4) Public Key Infrastructure(PKI) has been widely used nowadays. We discussed its components, functions, protocols and standard. Certification Authority (CA), which is the core of PKI, is discussed in detail. We also describe the X.509 certificates and authentication process. According to our analysis of PKI, we can see it is an important authentication technique.5) We design and implement a user authentication system, named VIKEY, which is based on dynamic password authorization mechanism, using USB key as user authentication device. VIKEY system can provide transparent authentication services to popular applications such as WWW, Telnet, FTP, etc. in network environment. We discuss the principle and structure of the system, including authentication protocol, software module and database management. According to theanalysis of the system, we come to a conclusion that it is a real secure, practical and useful one. |
PDF Full Text Request